Trend Micro announces next generation of deep threat management system
Trend Micro says almost everything is new here, beginning with enhanced threat detection engines and multi-level correlation rules to minimize false positives
“We have expanded the threat detection engines and correlation rules to determine document exploit detection, such as an exploit in a JPEG or an Adobe document — purports to be an internal report,” Faulkner said. “We are not looking to see if it’s a falsified email but looking at content to determine if it’s malicious. Once it passes a test to see if it really IS from Wells Fargo, for instance, or it is a bogus sender, that’s where the technology really kicks in, to see if it is malicious.”
Faulkner said there is one other major thing that is different in the detection engine.
“It’s not just looking for malware but for human attacker behavior, which opens a backdoor once they infect the system,” Faulkner said. “It’s based on heuristic rules. This is something the earlier generation didn’t focus on.”
The sandboxing capability is also very different.
“It lets a file that might contain malware execute in a virtual environment where it does no harm, but we can observe it,” Faulkner said. “It allows us to take a suspicious specimen or known malicious one and put it under a microscope to see what it is trying to do.”
“This is new, because we had only used it in back-end processing before,” Faulkner said. “We had talked about it being used like this, but had not delivered it.”
The management console is also different here. It provides real-time threat visibility and deep analysis in an intuitive multi-level format that facilitates focusing on the real risks, performing deep forensic analysis, and rapidly implementing containment and remediation procedures. The Threat Analysis Dashboard features quick access widgets, in-depth threat profiling, and geo-location of malicious communication. Watch List capability closely monitors high severity threats and high value assets. And a Threat Connect portal provides direct access to TrendLabs intelligence for a specific attack or malware.
Trend Micro expects the new version of this product will open up new markets among very large companies and government.
“Our old sweet spot was small and medium sized enterprises — the 1000-5000 range — but this expands our target market to larger customers and government,” Faulkner said. “They want the sandbox and the capacity because they have multi gigabit networks, and this can scale to infinity and beyond.”
This will also be available as a software appliance so it can be used by a customer or partner who deals with a different hardware vendor. Trend Micro uses Dell.
“We are also seeing a lot of interest from customers and partners in offering this as a virtual appliance,” Faulkner said.
“The new name — Discovery — also reflects an area we see ourselves going in, in the future,” Faulkner said. “They include things that are not a threat directly, but which could be interesting and valuable to a customer, like data loss detection, or unencrypted data exiting the company.”
“Another new development later in 2012 will be mobile device identification and tracking,” he said. “The basic detection ability is in it now.”
Trend Micro Deep Discovery is in beta now, with general availability planned in April.